by acevic on Sun Jun 12, 2011 4:15 pm
(see Social Engineering 101 [msg 58404])
I am not sure whether the lectures are still active or whether there is a lack of presenters, so I will try my luck through this thread. I have read through Monica's (old) thread on lectures and it linked to this forum.
I fully understand the risks of practically carrying out the methods below. This lecture is for a better understanding of how a hacker can penetrate even through the strongest security systems without much technical skill. This lecture should provide a learner with a better understanding of how easily the human mind can be exploited and what to look out for. Even the most advanced of security experts are vulnerable to psychological attacks which may lead to major IT security breaches.
I am not trying to imply that I know "sure" ways of how to get through a person. The human mind is very unpredictable and that cannot be emphasized enough. The best bet is to analyze the mentality and use your own educated judgement in order to predict the probability of the results.
The following are the topics (not limited to and not in sequence) I'd like to cover:
Social engineering (introduction) - Hacking the weakest link in security
On-screen psychology (spoofing your identity via the way you type, spoofing your online personality)
Psychological pattern analysis (spotting out vulnerabilities in the emotions and mindset of the target)
Psychological prediction and intuition (analysis of the probabilities of what the result of your stimuli may be)
Identity theft and identity spoofing (spoofing e-mail identities, web sites, social network accounts and administrative identities)
Lying: How to lie and sell it
Off-screen psychology (spoofing your identity in person)
Bluff interrogation & reverse interrogation
Recon and surveillance of public records and how to interpret them
"Confusion is bliss!" (blending lies with the truth)
"Hey! I know you!" (becoming friends before even talking to the person)
Emotion: The bug without a fix
Reverse social engineering
My background: I am ex-military (used to work for an anti-piracy unit for software and music... have a bit of know-how on military intelligence), a computer enthusiast (I know a bit of web coding here and there), a businessman (current profession) and a prospective professional penetration tester (working on it).
Experience related to social engineering: I have worked with various online watchdogs (not specified for obvious reasons) and I enjoy baiting myself to social engineers and trolling them for weeks until I flame them and report them. As for off-screen social engineering, I have had to take up various identities and deceive a lot of people during my military employment for pirate raids. Other than relevant hands-on experience, I have read through a lot of related books and web resources.
If this lecture gets approved, I would like to invite anyone else who is interested in presenting with me. The lecture will be audio based.
Thank you for your time,
Ace
My crime is that of outsmarting you, something that you will never forgive me for.